From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 8 May 2020 12:44:02 +0000 (+0200)
Subject: libnftables: call nft_cmd_expand() only with CMD_ADD
X-Git-Tag: v0.9.5~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b81519f1641b508c289ddfefc800b2c20ab243e6;p=thirdparty%2Fnftables.git

libnftables: call nft_cmd_expand() only with CMD_ADD

Restrict the expansion logic to the CMD_ADD command which is where this
is only required.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/libnftables.c b/src/libnftables.c
index 32da0a29..668e3fc4 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -419,8 +419,12 @@ static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs,
 	if (nft->state->nerrs)
 		return -1;
 
-	list_for_each_entry(cmd, cmds, list)
+	list_for_each_entry(cmd, cmds, list) {
+		if (cmd->op != CMD_ADD)
+			continue;
+
 		nft_cmd_expand(cmd);
+	}
 
 	return 0;
 }